AWS Security ChangesHomeSearch

AWS cli medium security documentation change

Service: cli · 2025-08-19 · Security-related medium

File: cli/latest/reference/s3control/create-access-point.md

Summary

Updated CLI version reference to 2.28.12, added header encoding warning, and documentation about tag permissions

Security assessment

Added requirements for s3:TagResource/s3express:TagResource permissions enforce proper access controls for tagging operations. Header encoding warning prevents request validation issues

Diff

diff --git a/cli/latest/reference/s3control/create-access-point.md b/cli/latest/reference/s3control/create-access-point.md
index 2b9b8bcca..72965c6cb 100644
--- a//cli/latest/reference/s3control/create-access-point.md
+++ b//cli/latest/reference/s3control/create-access-point.md
@@ -15 +15 @@
-  * [AWS CLI 2.28.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.28.12 Command Reference](../../index.html) »
@@ -80,0 +81,4 @@ The following actions are related to `CreateAccessPoint` :
+### Warning
+
+You must URL encode any signed header values that contain spaces. For example, if your header value is `my file.txt` , containing two spaces after `my` , you must URL encode this value to `my%20%20file.txt` .
+
@@ -265,0 +270,7 @@ JSON Syntax:
+> 
+> ### Note
+> 
+>   * You must have the `s3:TagResource` permission to create an access point with tags for a general purpose bucket.
+>   * You must have the `s3express:TagResource` permission to create an access point with tags for a directory bucket.
+> 
+
@@ -441 +452 @@ Alias -> (string)
-  * [AWS CLI 2.28.11 Command Reference](../../index.html) »
+  * [AWS CLI 2.28.12 Command Reference](../../index.html) »